Businesses justifiably want to let people know that they are still open. However, an email to their entire database should be viewed with caution because it risks breaking the law on email marketing.
Aside from the obvious problem of striking the right tone with recipients facing significant personal and economic challenges, difficult legal questions arise when emails go beyond basic information about business continuity.
There are anecdotal reports of emails seeking to reassure customers that their favourite brands are ‘there for them’, with some even offering promotions such as ‘19% off’. It is reasonable to assume that recipients facing personal tragedy and economic uncertainty will take a dim view and complaints to the Information Commissioner’s Officer (ICO) may follow. While the ICO may show some forbearance toward businesses genuinely grappling with the implications of an unprecedented crisis that is unlikely to extend to their email marketing.
The law on electronic marketing communications is straightforward. The Privacy and Electronic Communications Regulations 2003 (PECR) require that you must not send an electronic direct marketing communication to an individual unless:
- they have specifically consented to electronic mail from you; or
- they are an existing customer who bought (or negotiated to buy) a similar product or service from you in the past, and you gave them a simple way to opt out both when you first collected their details and in every message you have sent (the soft opt in).
That means if you can demonstrate both of the above (assuming consent complied GDPR requirements for it to be recorded, specific, informed and freely given) the email is likely to comply with the law.
However, there may be lots of contacts you want to send the email to for whom you are unable to demonstrate consent or may have already opted out of receiving direct marketing communications. The prudent approach is to exclude promotions, discounts or any invitation to purchase from the email. Although the temptation may be to consider it an essential business announcement rather than marketing in order to avoid the requirements of the PECR. This carries significant risk.
Therefore the question the business considering sending the email should ask themselves is
‘is this email actually a direct marketing communication?’
The PECR define a marketing communication as the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals. All promotional material falls within this definition, including material promoting the aims of not-for-profit organisations.
The definition is intentionally broad, ICO guidance states that it is not limited to promotions, discounts or special offers. Anything intended to promote or raise awareness of the business could be a marketing communication. This makes any email about coronavirus sent to an unfiltered distribution list a significant risk.
There are parallels with the GDPR coming into force in 2018. Many businesses saw this as an opportunity to reconnect with customers, with marketing emails thinly disguised as public service communications about data subjects’ rights. These emails resulted in significant fines from the ICO for some of the worst offenders. We can expect an even tougher approach as a result of the current pandemic.